package com.ts.login.control;

import com.ts.comm.SysString;
import com.ts.log.AppLog;
import com.ts.login.bean.UserInfo;
import com.ts.login.dao.LoginDao;
import org.apache.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.util.WebUtils;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;

/**
 * Created by xhc on 2017/3/28.
 */
@Controller
public class LoginControl {

    @Resource
    private LoginDao loginDao;

    Logger log=Logger.getLogger(LoginControl.class);
    /**
     * 用户登录
     * @param req
     * @param m 传出参数
     * @param usercode 用户代码（必须和form表单name一致）
     * @param userpwd 用户密码（必须和form表单name一致）
     * @return
     */
    @AppLog(mCode = "0",desc = "登录")
    @RequestMapping(value = "/login",method = RequestMethod.POST)
    public String login(HttpServletRequest req, Model m, String usercode, String userpwd){

        String sUrl="";
        String msg="";
        try {
            usercode=usercode.toUpperCase();
            UsernamePasswordToken token = new UsernamePasswordToken(usercode,userpwd);
            //记录该令牌
            token.setRememberMe(false);
            //subject权限对象
            Subject subject = SecurityUtils.getSubject();
            subject.login(token);
            if (subject.isAuthenticated()) {
                sUrl="index";
                UserInfo u=loginDao.getUser(usercode);
                //用户信息存储在session中
                WebUtils.setSessionAttribute(req,"user",u);
                log.info("登录验证成功！");
            }else{

                sUrl="../login";
            }
        } catch (IncorrectCredentialsException e) {
            msg = "登录密码错误!";
        } catch (ExcessiveAttemptsException e) {
            msg = "登录失败次数过多!";
        } catch (LockedAccountException e) {
            msg = "帐号已被锁定!";
        } catch (DisabledAccountException e) {
            msg = "帐号已被禁用!";
        } catch (ExpiredCredentialsException e) {
            msg = "帐号已过期!";
        } catch (UnknownAccountException e) {
            msg = "帐号不存在!";
        } catch (UnauthorizedException e) {
            msg = "您没有得到相应的授权！";
        }catch (Exception e){
            msg=e.getLocalizedMessage();
        }
        if(!SysString.isEmpty(msg)){
            sUrl="../login";
            m.addAttribute("msg", msg);
        }

        return sUrl;
    }

    @AppLog(mCode = "0",desc = "注销")
    @RequestMapping(value = "/loginOut",method = RequestMethod.GET)
    public String loginOut(){
        /*Subject subject = SecurityUtils.getSubject();
        if(subject!=null && subject.isAuthenticated()) {
            subject.logout();
        }*/
        log.info("用户注销成功！");
        return "../login";
        //return "redirect:/login.jsp";
    }

}
